{"id":"MGASA-2024-0098","summary":"Updated tcpreplay packages fix security vulnerabilities","details":"Within tcpreplay's tcprewrite, a double free vulnerability has been\nidentified in the tcpedit_dlt_cleanup() function within\nplugins/dlt_plugins.c. This vulnerability can be exploited by supplying\na specifically crafted file to the tcprewrite binary. This flaw enables\na local attacker to initiate a Denial of Service (DoS) attack.\n(CVE-2023-4256)\nNull Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay\n4.4.4 allows attackers to crash the application via crafted tcprewrite\ncommand. (CVE-2023-43279)\n","modified":"2026-01-31T09:44:17.683331Z","published":"2024-03-28T03:52:55Z","related":["CVE-2023-4256","CVE-2023-43279"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0098.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33013"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHUILQV2YJI5TXXXJA5FQ2HJQGFT7NTN/"}],"affected":[{"package":{"name":"tcpreplay","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/tcpreplay?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.3-2.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0098.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}